Security policy for thousands of employees
Assign topic to the user
How can i make my staffs aware of the policies to obey without using many resources because we have over 1000 staff?
Answer:
Regarding your first question, the best way is through the top management, I mean, the top management shall ensure that the security policy is available as documented information, and it is communicated within the organization (and also is available to interested parties). Top management can do the communication through emails, meetings, information published in the intranet, etc.
Regarding your second question, from my point of view in your case can be interesting an internal online course; you can use this online course for the awareness about information security of your staff, and you can also use this internal course to show to your staff all policies of the system. The course can be developed and performed by the most important employees, who also should write and/or maintain the policies and procedures. Th is article can be interesting for you “How to perform training & awareness for ISO 27001 and ISO 22301” : https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
We have a presentation, in our free downloads section, that you can use to prepare your internal course, you can find it here “Why ISO 27001 – Awareness presentation” : https://advisera.com/27001academy/free-downloads/
Finally, our online course can be also interesting for you, because we give detail information about foundations of ISO 27001:2013 “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Apr 09, 2016